<?php
require_once(dirname(__FILE__)."/config.php");
CheckRank(0, 0);
$menutype = 'mima';
if (!isset($dopost)) $dopost = '';
$pwd2 = (empty($pwd2)) ? "" : $pwd2;
$row = $dsql->GetOne("SELECT  * FROM `#@__member` WHERE mid='".$cfg_ml->M_ID."'");
$face = $row['face'];
if ($dopost == 'save') {
    if (function_exists('password_hash') && !empty($row['pwd_new'])) {
        if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
            ShowMsg('输入的旧密码错误', '-1');
            exit();
        }
    } else {
        if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
            ShowMsg('输入的旧密码错误', '-1');
            exit();
        }
    }
    if ($userpwd != $userpwdok) {
        ShowMsg('输入的新密码不一致', '-1');
        exit();
    }
    $addupquery = '';
    $admaddupquery = '';
    $pp = "pwd";
    $pwd = '';
    if ($userpwd == '') {
        if (function_exists('password_hash')) {
            $pp = "pwd_new";
            $pwd = $row['pwd_new'];
            $addupquery = ',pwd=\'\'';
        } else {
            $pwd = $row['pwd'];
        }
    } else {
        if (function_exists('password_hash')) 
        {
            $pp = "pwd_new";
            $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
            $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
            $addupquery = ',pwd=\'\'';
            $admaddupquery = ',pwd=\'\'';
        } else {
            $pwd = md5($userpwd);
            $pwd2 = substr(md5($userpwd), 5, 20);
        }
    }
    $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
    $dsql->ExecuteNoneQuery($query1);
    //如果是管理员，修改其后台密码
    if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
        $query2 = "UPDATE `#@__admin` SET $pp='$pwd2'{$admaddupquery} where id='".$cfg_ml->M_ID."' ";
        $dsql->ExecuteNoneQuery($query2);
    }
    //清除会员缓存
    $cfg_ml->DelCache($cfg_ml->M_ID);
    ShowMsg('密码修改成功', '/user/', 0, 1000);
    exit();
}
include(DEDEMEMBER."/templets/edit_baseinfo.htm");